<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0,viewport-fit=cover"><title>分类: 技术教程 | 小小程序员</title><meta name="author" content="十一星野"><meta name="copyright" content="十一星野"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="权限控管理作为后台管理系统中必要的功能，mall 项目中结合 Spring Security 实现了基于路径的动态权限控制，可以对后台接口访问进行细粒度的控制，今天我们来讲下它的后端实现原理。  #👍 相关视频教程 权限模块数据库表解析open in new window 权限模块接口设计与实现_上篇open in new window 权限模块接口设计与实现_下篇open in new wi">
<meta property="og:type" content="article">
<meta property="og:title" content="手把手教你搞定权限管理，结合Spring Security实现接口的动态权限控制！">
<meta property="og:url" content="https://ko25891wan.gitlab.io/2024/01/a454573acf05.html">
<meta property="og:site_name" content="小小程序员">
<meta property="og:description" content="权限控管理作为后台管理系统中必要的功能，mall 项目中结合 Spring Security 实现了基于路径的动态权限控制，可以对后台接口访问进行细粒度的控制，今天我们来讲下它的后端实现原理。  #👍 相关视频教程 权限模块数据库表解析open in new window 权限模块接口设计与实现_上篇open in new window 权限模块接口设计与实现_下篇open in new wi">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://qiniu.ko25891wan.top/%E6%97%A5%E8%AE%B0%E8%BD%AF%E4%BB%B6/%E5%A4%B4%E5%83%8F/%E7%81%B0%E5%A4%AA%E7%8B%BC.png">
<meta property="article:published_time" content="2024-01-21T09:27:44.000Z">
<meta property="article:modified_time" content="2024-02-02T15:00:40.491Z">
<meta property="article:author" content="十一星野">
<meta property="article:tag" content="宅男,热血">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://qiniu.ko25891wan.top/%E6%97%A5%E8%AE%B0%E8%BD%AF%E4%BB%B6/%E5%A4%B4%E5%83%8F/%E7%81%B0%E5%A4%AA%E7%8B%BC.png"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="https://ko25891wan.gitlab.io/2024/01/a454573acf05.html"><link rel="preconnect" href="//fastly.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/6.5.1/css/all.min.css"><link rel="stylesheet" href="https://cdn.staticfile.org/fancyapps-ui/5.0.32/fancybox/fancybox.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
  root: '/',
  algolia: undefined,
  localSearch: {"path":"/search.xml","preload":false,"top_n_per_article":1,"unescape":false,"languages":{"hits_empty":"找不到您查询的内容：${query}","hits_stats":"共找到 ${hits} 篇文章"}},
  translate: {"defaultEncoding":1,"translateDelay":0,"msgToTraditionalChinese":"繁","msgToSimplifiedChinese":"简"},
  noticeOutdate: undefined,
  highlight: {"plugin":"highlight.js","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":200},
  copy: {
    success: '复制成功',
    error: '复制错误',
    noSupport: '浏览器不支持'
  },
  relativeDate: {
    homepage: true,
    post: true
  },
  runtime: '',
  dateSuffix: {
    just: '刚刚',
    min: '分钟前',
    hour: '小时前',
    day: '天前',
    month: '个月前'
  },
  copyright: undefined,
  lightbox: 'fancybox',
  Snackbar: undefined,
  infinitegrid: {
    js: 'https://cdn.staticfile.org/egjs-infinitegrid/4.11.0/infinitegrid.min.js',
    buttonText: '加载更多'
  },
  isPhotoFigcaption: false,
  islazyload: false,
  isAnchor: false,
  percent: {
    toc: true,
    rightside: true,
  },
  autoDarkmode: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
  title: '分类: 技术教程',
  isPost: true,
  isHome: false,
  isHighlightShrink: false,
  isToc: true,
  postUpdate: '2024-02-02 23:00:40'
}</script><script>(win=>{
      win.saveToLocal = {
        set: (key, value, ttl) => {
          if (ttl === 0) return
          const now = Date.now()
          const expiry = now + ttl * 86400000
          const item = {
            value,
            expiry
          }
          localStorage.setItem(key, JSON.stringify(item))
        },
      
        get: key => {
          const itemStr = localStorage.getItem(key)
      
          if (!itemStr) {
            return undefined
          }
          const item = JSON.parse(itemStr)
          const now = Date.now()
      
          if (now > item.expiry) {
            localStorage.removeItem(key)
            return undefined
          }
          return item.value
        }
      }
    
      win.getScript = (url, attr = {}) => new Promise((resolve, reject) => {
        const script = document.createElement('script')
        script.src = url
        script.async = true
        script.onerror = reject
        script.onload = script.onreadystatechange = function() {
          const loadState = this.readyState
          if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
          script.onload = script.onreadystatechange = null
          resolve()
        }

        Object.keys(attr).forEach(key => {
          script.setAttribute(key, attr[key])
        })

        document.head.appendChild(script)
      })
    
      win.getCSS = (url, id = false) => new Promise((resolve, reject) => {
        const link = document.createElement('link')
        link.rel = 'stylesheet'
        link.href = url
        if (id) link.id = id
        link.onerror = reject
        link.onload = link.onreadystatechange = function() {
          const loadState = this.readyState
          if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
          link.onload = link.onreadystatechange = null
          resolve()
        }
        document.head.appendChild(link)
      })
    
      win.activateDarkMode = () => {
        document.documentElement.setAttribute('data-theme', 'dark')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
        }
      }
      win.activateLightMode = () => {
        document.documentElement.setAttribute('data-theme', 'light')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
        }
      }
      const t = saveToLocal.get('theme')
    
        if (t === 'dark') activateDarkMode()
        else if (t === 'light') activateLightMode()
      
      const asideStatus = saveToLocal.get('aside-status')
      if (asideStatus !== undefined) {
        if (asideStatus === 'hide') {
          document.documentElement.classList.add('hide-aside')
        } else {
          document.documentElement.classList.remove('hide-aside')
        }
      }
    
      const detectApple = () => {
        if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
          document.documentElement.classList.add('apple')
        }
      }
      detectApple()
    })(window)</script><meta name="generator" content="Hexo 6.3.0"></head><body><div id="loading-box"><div class="loading-left-bg"></div><div class="loading-right-bg"></div><div class="spinner-box"><div class="configure-border-1"><div class="configure-core"></div></div><div class="configure-border-2"><div class="configure-core"></div></div><div class="loading-word">加载中...</div></div></div><script>(()=>{
  const $loadingBox = document.getElementById('loading-box')
  const $body = document.body
  const preloader = {
    endLoading: () => {
      $body.style.overflow = ''
      $loadingBox.classList.add('loaded')
    },
    initLoading: () => {
      $body.style.overflow = 'hidden'
      $loadingBox.classList.remove('loaded')
    }
  }

  preloader.initLoading()
  window.addEventListener('load',() => { preloader.endLoading() })

  if (false) {
    document.addEventListener('pjax:send', () => { preloader.initLoading() })
    document.addEventListener('pjax:complete', () => { preloader.endLoading() })
  }
})()</script><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="https://qiniu.ko25891wan.top/%E6%97%A5%E8%AE%B0%E8%BD%AF%E4%BB%B6/%E5%A4%B4%E5%83%8F/%E7%81%B0%E5%A4%AA%E7%8B%BC.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">120</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">4</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">22</div></a></div><hr class="custom-hr"/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 时间轴</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fa fa-heartbeat"></i><span> 清单</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/music/"><i class="fa-fw fas fa-music"></i><span> 音乐</span></a></li><li><a class="site-page child" href="/Gallery/"><i class="fa-fw fas fa-images"></i><span> 照片</span></a></li><li><a class="site-page child" href="/movies/"><i class="fa-fw fas fa-video"></i><span> 电影</span></a></li></ul></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fas fa-tools"></i><span> 工具</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/md_editor/"><i class="fa-fw fas fa-pen"></i><span> MDEditor_my</span></a></li></ul></div></div></div></div><div class="post" id="body-wrap"><header class="not-top-img" id="page-header"><nav id="nav"><span id="blog-info"><a href="/" title="小小程序员"><span class="site-name">小小程序员</span></a></span><div id="menus"><div id="search-button"><a class="site-page social-icon search" href="javascript:void(0);"><i class="fas fa-search fa-fw"></i><span> 搜索</span></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 时间轴</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fa fa-heartbeat"></i><span> 清单</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/music/"><i class="fa-fw fas fa-music"></i><span> 音乐</span></a></li><li><a class="site-page child" href="/Gallery/"><i class="fa-fw fas fa-images"></i><span> 照片</span></a></li><li><a class="site-page child" href="/movies/"><i class="fa-fw fas fa-video"></i><span> 电影</span></a></li></ul></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fas fa-tools"></i><span> 工具</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/md_editor/"><i class="fa-fw fas fa-pen"></i><span> MDEditor_my</span></a></li></ul></div></div><div id="toggle-menu"><a class="site-page" href="javascript:void(0);"><i class="fas fa-bars fa-fw"></i></a></div></div></nav></header><main class="layout" id="content-inner"><div id="post"><div id="post-info"><h1 class="post-title">手把手教你搞定权限管理，结合Spring Security实现接口的动态权限控制！</h1><div id="post-meta"><div class="meta-firstline"><span class="post-meta-date"><i class="far fa-calendar-alt fa-fw post-meta-icon"></i><span class="post-meta-label">发表于</span><time class="post-meta-date-created" datetime="2024-01-21T09:27:44.000Z" title="发表于 2024-01-21 17:27:44">2024-01-21</time><span class="post-meta-separator">|</span><i class="fas fa-history fa-fw post-meta-icon"></i><span class="post-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2024-02-02T15:00:40.491Z" title="更新于 2024-02-02 23:00:40">2024-02-02</time></span><span class="post-meta-categories"><span class="post-meta-separator">|</span><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/%E6%8A%80%E6%9C%AF%E6%95%99%E7%A8%8B/">技术教程</a><i class="fas fa-angle-right post-meta-separator"></i><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/%E6%8A%80%E6%9C%AF%E6%95%99%E7%A8%8B/mall/">mall</a><i class="fas fa-angle-right post-meta-separator"></i><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/%E6%8A%80%E6%9C%AF%E6%95%99%E7%A8%8B/mall/%E6%8A%80%E6%9C%AF%E8%A6%81%E7%82%B9%E7%AF%87/">技术要点篇</a></span></div><div class="meta-secondline"><span class="post-meta-separator">|</span><span class="post-meta-wordcount"><i class="far fa-file-word fa-fw post-meta-icon"></i><span class="post-meta-label">字数总计:</span><span class="word-count">3.4k</span><span class="post-meta-separator">|</span><i class="far fa-clock fa-fw post-meta-icon"></i><span class="post-meta-label">阅读时长:</span><span>14分钟</span></span><span class="post-meta-separator">|</span><span class="post-meta-pv-cv" id="" data-flag-title="手把手教你搞定权限管理，结合Spring Security实现接口的动态权限控制！"><i class="far fa-eye fa-fw post-meta-icon"></i><span class="post-meta-label">阅读量:</span><span id="busuanzi_value_page_pv"><i class="fa-solid fa-spinner fa-spin"></i></span></span></div></div></div><article class="post-content" id="article-container"><blockquote>
<p>权限控管理作为后台管理系统中必要的功能，mall 项目中结合 Spring Security 实现了基于路径的动态权限控制，可以对后台接口访问进行细粒度的控制，今天我们来讲下它的后端实现原理。</p>
</blockquote>
<h2 id="👍-相关视频教程"><a href="#👍-相关视频教程" class="headerlink" title="#👍 相关视频教程"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%F0%9F%91%8D-%E7%9B%B8%E5%85%B3%E8%A7%86%E9%A2%91%E6%95%99%E7%A8%8B">#</a>👍 相关视频教程</h2><ul>
<li><a target="_blank" rel="noopener" href="https://t.zsxq.com/0eyQIie0j">权限模块数据库表解析open in new window</a></li>
<li><a target="_blank" rel="noopener" href="https://t.zsxq.com/0e8QESTEU">权限模块接口设计与实现_上篇open in new window</a></li>
<li><a target="_blank" rel="noopener" href="https://t.zsxq.com/0envLA5Wv">权限模块接口设计与实现_下篇open in new window</a></li>
<li><a target="_blank" rel="noopener" href="https://t.zsxq.com/0ejEYq7xJ">结合Spring Security实现接口的动态权限控制open in new window</a></li>
</ul>
<h2 id="前置知识"><a href="#前置知识" class="headerlink" title="#前置知识"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E5%89%8D%E7%BD%AE%E7%9F%A5%E8%AF%86">#</a>前置知识</h2><blockquote>
<p>学习本文需要一些Spring Security的知识，对Spring Security不太了解的朋友可以看下以下文章。</p>
</blockquote>
<ul>
<li><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/architect/mall_arch_04.html">mall整合SpringSecurity和JWT实现认证和授权（一）</a></li>
<li><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/architect/mall_arch_05.html">mall整合SpringSecurity和JWT实现认证和授权（二）</a></li>
<li><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/springsecurity_use.html">仅需四步，整合SpringSecurity+JWT实现登录认证 ！</a></li>
</ul>
<h2 id="数据库设计"><a href="#数据库设计" class="headerlink" title="#数据库设计"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E6%95%B0%E6%8D%AE%E5%BA%93%E8%AE%BE%E8%AE%A1">#</a>数据库设计</h2><blockquote>
<p>权限管理相关表已经重新设计，将原来的权限拆分成了菜单和资源，菜单管理用于控制前端菜单的显示和隐藏，资源管理用来控制后端接口的访问权限。</p>
</blockquote>
<h3 id="数据库表结构"><a href="#数据库表结构" class="headerlink" title="#数据库表结构"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A1%A8%E7%BB%93%E6%9E%84">#</a>数据库表结构</h3><blockquote>
<p>其中<code>ums_admin</code>、<code>ums_role</code>、<code>ums_admin_role_relation</code>为原来的表，其他均为新增表。</p>
</blockquote>
<p><img src="https://qiniu.ko25891wan.top/%E6%97%A5%E8%AE%B0%E8%BD%AF%E4%BB%B6/obsition/2024-02-02_23:00:37_mall_permission_back_01-f447d1cb.png"></p>
<h3 id="数据库表介绍"><a href="#数据库表介绍" class="headerlink" title="#数据库表介绍"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A1%A8%E4%BB%8B%E7%BB%8D">#</a>数据库表介绍</h3><blockquote>
<p>接下来我们将对每张表的用途做个详细介绍。</p>
</blockquote>
<h4 id="ums-admin"><a href="#ums-admin" class="headerlink" title="#ums_admin"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-admin">#</a>ums_admin</h4><blockquote>
<p>后台用户表，定义了后台用户的一些基本信息。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">create table ums_admin</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   username             varchar(64) comment &#x27;用户名&#x27;,</span><br><span class="line">   password             varchar(64) comment &#x27;密码&#x27;,</span><br><span class="line">   icon                 varchar(500) comment &#x27;头像&#x27;,</span><br><span class="line">   email                varchar(100) comment &#x27;邮箱&#x27;,</span><br><span class="line">   nick_name            varchar(200) comment &#x27;昵称&#x27;,</span><br><span class="line">   note                 varchar(500) comment &#x27;备注信息&#x27;,</span><br><span class="line">   create_time          datetime comment &#x27;创建时间&#x27;,</span><br><span class="line">   login_time           datetime comment &#x27;最后登录时间&#x27;,</span><br><span class="line">   status               int(1) default 1 comment &#x27;帐号启用状态：0-&gt;禁用；1-&gt;启用&#x27;,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h4 id="ums-role"><a href="#ums-role" class="headerlink" title="#ums_role"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-role">#</a>ums_role</h4><blockquote>
<p>后台用户角色表，定义了后台用户角色的一些基本信息，通过给后台用户分配角色来实现菜单和资源的分配。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">create table ums_role</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   name                 varchar(100) comment &#x27;名称&#x27;,</span><br><span class="line">   description          varchar(500) comment &#x27;描述&#x27;,</span><br><span class="line">   admin_count          int comment &#x27;后台用户数量&#x27;,</span><br><span class="line">   create_time          datetime comment &#x27;创建时间&#x27;,</span><br><span class="line">   status               int(1) default 1 comment &#x27;启用状态：0-&gt;禁用；1-&gt;启用&#x27;,</span><br><span class="line">   sort                 int default 0,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h4 id="ums-admin-role-relation"><a href="#ums-admin-role-relation" class="headerlink" title="#ums_admin_role_relation"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-admin-role-relation">#</a>ums_admin_role_relation</h4><blockquote>
<p>后台用户和角色关系表，多对多关系表，一个角色可以分配给多个用户。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">create table ums_admin_role_relation</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   admin_id             bigint,</span><br><span class="line">   role_id              bigint,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h4 id="ums-menu"><a href="#ums-menu" class="headerlink" title="#ums_menu"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-menu">#</a>ums_menu</h4><blockquote>
<p>后台菜单表，用于控制后台用户可以访问的菜单，支持隐藏、排序和更改名称、图标。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">create table ums_menu</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   parent_id            bigint comment &#x27;父级ID&#x27;,</span><br><span class="line">   create_time          datetime comment &#x27;创建时间&#x27;,</span><br><span class="line">   title                varchar(100) comment &#x27;菜单名称&#x27;,</span><br><span class="line">   level                int(4) comment &#x27;菜单级数&#x27;,</span><br><span class="line">   sort                 int(4) comment &#x27;菜单排序&#x27;,</span><br><span class="line">   name                 varchar(100) comment &#x27;前端名称&#x27;,</span><br><span class="line">   icon                 varchar(200) comment &#x27;前端图标&#x27;,</span><br><span class="line">   hidden               int(1) comment &#x27;前端隐藏&#x27;,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h4 id="ums-resource"><a href="#ums-resource" class="headerlink" title="#ums_resource"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-resource">#</a>ums_resource</h4><blockquote>
<p>后台资源表，用于控制后台用户可以访问的接口，使用了Ant路径的匹配规则，可以使用通配符定义一系列接口的权限。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">create table ums_resource</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   category_id          bigint comment &#x27;资源分类ID&#x27;,</span><br><span class="line">   create_time          datetime comment &#x27;创建时间&#x27;,</span><br><span class="line">   name                 varchar(200) comment &#x27;资源名称&#x27;,</span><br><span class="line">   url                  varchar(200) comment &#x27;资源URL&#x27;,</span><br><span class="line">   description          varchar(500) comment &#x27;描述&#x27;,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h4 id="ums-resource-category"><a href="#ums-resource-category" class="headerlink" title="#ums_resource_category"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-resource-category">#</a>ums_resource_category</h4><blockquote>
<p>后台资源分类表，在细粒度进行权限控制时，可能资源会比较多，所以设计了个资源分类的概念，便于给角色分配资源。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">create table ums_resource_category</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   create_time          datetime comment &#x27;创建时间&#x27;,</span><br><span class="line">   name                 varchar(200) comment &#x27;分类名称&#x27;,</span><br><span class="line">   sort                 int(4) comment &#x27;排序&#x27;,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h4 id="ums-role-menu-relation"><a href="#ums-role-menu-relation" class="headerlink" title="#ums_role_menu_relation"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-role-menu-relation">#</a>ums_role_menu_relation</h4><blockquote>
<p>后台角色菜单关系表，多对多关系，可以给一个角色分配多个菜单。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">create table ums_role_menu_relation</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   role_id              bigint comment &#x27;角色ID&#x27;,</span><br><span class="line">   menu_id              bigint comment &#x27;菜单ID&#x27;,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h4 id="ums-role-resource-relation"><a href="#ums-role-resource-relation" class="headerlink" title="#ums_role_resource_relation"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#ums-role-resource-relation">#</a>ums_role_resource_relation</h4><blockquote>
<p>后台角色资源关系表，多对多关系，可以给一个角色分配多个资源。</p>
</blockquote>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">create table ums_role_resource_relation</span><br><span class="line">(</span><br><span class="line">   id                   bigint not null auto_increment,</span><br><span class="line">   role_id              bigint comment &#x27;角色ID&#x27;,</span><br><span class="line">   resource_id          bigint comment &#x27;资源ID&#x27;,</span><br><span class="line">   primary key (id)</span><br><span class="line">);</span><br></pre></td></tr></table></figure>

<h2 id="结合Spring-Security实现"><a href="#结合Spring-Security实现" class="headerlink" title="#结合Spring Security实现"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E7%BB%93%E5%90%88spring-security%E5%AE%9E%E7%8E%B0">#</a>结合Spring Security实现</h2><blockquote>
<p>实现动态权限是在原<code>mall-security</code>模块的基础上进行改造完成的，原实现有不清楚的可以自行参照<code>前置知识</code>中的文档来学习。</p>
</blockquote>
<h3 id="以前的权限控制"><a href="#以前的权限控制" class="headerlink" title="#以前的权限控制"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E4%BB%A5%E5%89%8D%E7%9A%84%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6">#</a>以前的权限控制</h3><blockquote>
<p>以前的权限控制是采用Spring Security的默认机制实现的，下面我们以商品模块的代码为例来讲讲实现原理。</p>
</blockquote>
<ul>
<li>首先我们在需要权限的接口上使用<code>@PreAuthorize</code>注解定义好需要的权限；</li>
</ul>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 商品管理Controller</span><br><span class="line"> * Created by macro on 2018/4/26.</span><br><span class="line"> */</span><br><span class="line">@Controller</span><br><span class="line">@Api(tags = &quot;PmsProductController&quot;, description = &quot;商品管理&quot;)</span><br><span class="line">@RequestMapping(&quot;/product&quot;)</span><br><span class="line">public class PmsProductController &#123;</span><br><span class="line">    @Autowired</span><br><span class="line">    private PmsProductService productService;</span><br><span class="line"></span><br><span class="line">    @ApiOperation(&quot;创建商品&quot;)</span><br><span class="line">    @RequestMapping(value = &quot;/create&quot;, method = RequestMethod.POST)</span><br><span class="line">    @ResponseBody</span><br><span class="line">    @PreAuthorize(&quot;hasAuthority(&#x27;pms:product:create&#x27;)&quot;)</span><br><span class="line">    public CommonResult create(@RequestBody PmsProductParam productParam, BindingResult bindingResult) &#123;</span><br><span class="line">        int count = productService.create(productParam);</span><br><span class="line">        if (count &gt; 0) &#123;</span><br><span class="line">            return CommonResult.success(count);</span><br><span class="line">        &#125; else &#123;</span><br><span class="line">            return CommonResult.failed();</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ul>
<li>然后将该权限值存入到权限表中，当用户登录时，将其所拥有的权限查询出来；</li>
</ul>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * UmsAdminService实现类</span><br><span class="line"> * Created by macro on 2018/4/26.</span><br><span class="line"> */</span><br><span class="line">@Service</span><br><span class="line">public class UmsAdminServiceImpl implements UmsAdminService &#123;</span><br><span class="line">    @Override</span><br><span class="line">    public UserDetails loadUserByUsername(String username)&#123;</span><br><span class="line">        //获取用户信息</span><br><span class="line">        UmsAdmin admin = getAdminByUsername(username);</span><br><span class="line">        if (admin != null) &#123;</span><br><span class="line">            List&lt;UmsPermission&gt; permissionList = getPermissionList(admin.getId());</span><br><span class="line">            return new AdminUserDetails(admin,permissionList);</span><br><span class="line">        &#125;</span><br><span class="line">        throw new UsernameNotFoundException(&quot;用户名或密码错误&quot;);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ul>
<li><p>之后Spring Security把用户拥有的权限值和接口上注解定义的权限值进行比对，如果包含则可以访问，反之就不可以访问；</p>
</li>
<li><p>但是这样做会带来一些问题，我们需要在每个接口上都定义好访问该接口的权限值，而且只能挨个控制接口的权限，无法批量控制。其实每个接口都可以由它的访问路径唯一确定，我们可以使用基于路径的动态权限控制来解决这些问题。</p>
</li>
</ul>
<h3 id="基于路径的动态权限控制"><a href="#基于路径的动态权限控制" class="headerlink" title="#基于路径的动态权限控制"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E5%9F%BA%E4%BA%8E%E8%B7%AF%E5%BE%84%E7%9A%84%E5%8A%A8%E6%80%81%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6">#</a>基于路径的动态权限控制</h3><blockquote>
<p>接下来我们详细介绍下如何使用Spring Security实现基于路径的动态权限。</p>
</blockquote>
<p>首先我们需要创建一个过滤器，用于实现动态权限控制，这里需要注意的是<code>doFilter</code>方法，对于OPTIONS请求直接放行，否则前端调用会出现跨域问题。对于配置在<code>IgnoreUrlsConfig</code>中的白名单路径我也需要直接放行，所有的鉴权操作都会在<code>super.beforeInvocation(fi)</code>中进行。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 动态权限过滤器，用于实现基于路径的动态权限过滤</span><br><span class="line"> * Created by macro on 2020/2/7.</span><br><span class="line"> */</span><br><span class="line">public class DynamicSecurityFilter extends AbstractSecurityInterceptor implements Filter &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    private DynamicSecurityMetadataSource dynamicSecurityMetadataSource;</span><br><span class="line">    @Autowired</span><br><span class="line">    private IgnoreUrlsConfig ignoreUrlsConfig;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    public void setMyAccessDecisionManager(DynamicAccessDecisionManager dynamicAccessDecisionManager) &#123;</span><br><span class="line">        super.setAccessDecisionManager(dynamicAccessDecisionManager);</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public void init(FilterConfig filterConfig) throws ServletException &#123;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException &#123;</span><br><span class="line">        HttpServletRequest request = (HttpServletRequest) servletRequest;</span><br><span class="line">        FilterInvocation fi = new FilterInvocation(servletRequest, servletResponse, filterChain);</span><br><span class="line">        //OPTIONS请求直接放行</span><br><span class="line">        if(request.getMethod().equals(HttpMethod.OPTIONS.toString()))&#123;</span><br><span class="line">            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());</span><br><span class="line">            return;</span><br><span class="line">        &#125;</span><br><span class="line">        //白名单请求直接放行</span><br><span class="line">        PathMatcher pathMatcher = new AntPathMatcher();</span><br><span class="line">        for (String path : ignoreUrlsConfig.getUrls()) &#123;</span><br><span class="line">            if(pathMatcher.match(path,request.getRequestURI()))&#123;</span><br><span class="line">                fi.getChain().doFilter(fi.getRequest(), fi.getResponse());</span><br><span class="line">                return;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        //此处会调用AccessDecisionManager中的decide方法进行鉴权操作</span><br><span class="line">        InterceptorStatusToken token = super.beforeInvocation(fi);</span><br><span class="line">        try &#123;</span><br><span class="line">            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());</span><br><span class="line">        &#125; finally &#123;</span><br><span class="line">            super.afterInvocation(token, null);</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public void destroy() &#123;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public Class&lt;?&gt; getSecureObjectClass() &#123;</span><br><span class="line">        return FilterInvocation.class;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public SecurityMetadataSource obtainSecurityMetadataSource() &#123;</span><br><span class="line">        return dynamicSecurityMetadataSource;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<p>在DynamicSecurityFilter中调用super.beforeInvocation(fi)方法时会调用AccessDecisionManager中的decide方法用于鉴权操作，而decide方法中的configAttributes参数会通过SecurityMetadataSource中的getAttributes方法来获取，configAttributes其实就是配置好的访问当前接口所需要的权限，下面是简化版的beforeInvocation源码。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line">public abstract class AbstractSecurityInterceptor implements InitializingBean,</span><br><span class="line">		ApplicationEventPublisherAware, MessageSourceAware &#123;</span><br><span class="line">    </span><br><span class="line"></span><br><span class="line">protected InterceptorStatusToken beforeInvocation(Object object) &#123;</span><br><span class="line">        </span><br><span class="line">        //获取元数据</span><br><span class="line">		Collection&lt;ConfigAttribute&gt; attributes = this.obtainSecurityMetadataSource()</span><br><span class="line">				.getAttributes(object);</span><br><span class="line"></span><br><span class="line">		Authentication authenticated = authenticateIfRequired();</span><br><span class="line"></span><br><span class="line">		//进行鉴权操作</span><br><span class="line">		try &#123;</span><br><span class="line">			this.accessDecisionManager.decide(authenticated, object, attributes);</span><br><span class="line">		&#125;</span><br><span class="line">		catch (AccessDeniedException accessDeniedException) &#123;</span><br><span class="line">			publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated,</span><br><span class="line">					accessDeniedException));</span><br><span class="line"></span><br><span class="line">			throw accessDeniedException;</span><br><span class="line">		&#125;</span><br><span class="line">	&#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>知道了鉴权的原理，接下来我们需要自己实现SecurityMetadataSource接口的getAttributes方法，用于获取当前访问路径所需资源。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 动态权限数据源，用于获取动态权限规则</span><br><span class="line"> * Created by macro on 2020/2/7.</span><br><span class="line"> */</span><br><span class="line">public class DynamicSecurityMetadataSource implements FilterInvocationSecurityMetadataSource &#123;</span><br><span class="line"></span><br><span class="line">    private static Map&lt;String, ConfigAttribute&gt; configAttributeMap = null;</span><br><span class="line">    @Autowired</span><br><span class="line">    private DynamicSecurityService dynamicSecurityService;</span><br><span class="line"></span><br><span class="line">    @PostConstruct</span><br><span class="line">    public void loadDataSource() &#123;</span><br><span class="line">        configAttributeMap = dynamicSecurityService.loadDataSource();</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    public void clearDataSource() &#123;</span><br><span class="line">        configAttributeMap.clear();</span><br><span class="line">        configAttributeMap = null;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public Collection&lt;ConfigAttribute&gt; getAttributes(Object o) throws IllegalArgumentException &#123;</span><br><span class="line">        if (configAttributeMap == null) this.loadDataSource();</span><br><span class="line">        List&lt;ConfigAttribute&gt;  configAttributes = new ArrayList&lt;&gt;();</span><br><span class="line">        //获取当前访问的路径</span><br><span class="line">        String url = ((FilterInvocation) o).getRequestUrl();</span><br><span class="line">        String path = URLUtil.getPath(url);</span><br><span class="line">        PathMatcher pathMatcher = new AntPathMatcher();</span><br><span class="line">        Iterator&lt;String&gt; iterator = configAttributeMap.keySet().iterator();</span><br><span class="line">        //获取访问该路径所需资源</span><br><span class="line">        while (iterator.hasNext()) &#123;</span><br><span class="line">            String pattern = iterator.next();</span><br><span class="line">            if (pathMatcher.match(pattern, path)) &#123;</span><br><span class="line">                configAttributes.add(configAttributeMap.get(pattern));</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        // 未设置操作请求权限，返回空集合</span><br><span class="line">        return configAttributes;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public Collection&lt;ConfigAttribute&gt; getAllConfigAttributes() &#123;</span><br><span class="line">        return null;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public boolean supports(Class&lt;?&gt; aClass) &#123;</span><br><span class="line">        return true;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>由于我们的后台资源规则被缓存在了一个Map对象之中，所以当后台资源发生变化时，我们需要清空缓存的数据，然后下次查询时就会被重新加载进来。这里我们需要修改UmsResourceController类，注入DynamicSecurityMetadataSource，当修改后台资源时，需要调用clearDataSource方法来清空缓存的数据。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 后台资源管理Controller</span><br><span class="line"> * Created by macro on 2020/2/4.</span><br><span class="line"> */</span><br><span class="line">@Controller</span><br><span class="line">@Api(tags = &quot;UmsResourceController&quot;, description = &quot;后台资源管理&quot;)</span><br><span class="line">@RequestMapping(&quot;/resource&quot;)</span><br><span class="line">public class UmsResourceController &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    private UmsResourceService resourceService;</span><br><span class="line">    @Autowired</span><br><span class="line">    private DynamicSecurityMetadataSource dynamicSecurityMetadataSource;</span><br><span class="line"></span><br><span class="line">    @ApiOperation(&quot;添加后台资源&quot;)</span><br><span class="line">    @RequestMapping(value = &quot;/create&quot;, method = RequestMethod.POST)</span><br><span class="line">    @ResponseBody</span><br><span class="line">    public CommonResult create(@RequestBody UmsResource umsResource) &#123;</span><br><span class="line">        int count = resourceService.create(umsResource);</span><br><span class="line">        dynamicSecurityMetadataSource.clearDataSource();</span><br><span class="line">        if (count &gt; 0) &#123;</span><br><span class="line">            return CommonResult.success(count);</span><br><span class="line">        &#125; else &#123;</span><br><span class="line">            return CommonResult.failed();</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line"> &#125;</span><br></pre></td></tr></table></figure>

<p>之后我们需要实现AccessDecisionManager接口来实现权限校验，对于没有配置资源的接口我们直接允许访问，对于配置了资源的接口，我们把访问所需资源和用户拥有的资源进行比对，如果匹配则允许访问。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 动态权限决策管理器，用于判断用户是否有访问权限</span><br><span class="line"> * Created by macro on 2020/2/7.</span><br><span class="line"> */</span><br><span class="line">public class DynamicAccessDecisionManager implements AccessDecisionManager &#123;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public void decide(Authentication authentication, Object object,</span><br><span class="line">                       Collection&lt;ConfigAttribute&gt; configAttributes) throws AccessDeniedException, InsufficientAuthenticationException &#123;</span><br><span class="line">        // 当接口未被配置资源时直接放行</span><br><span class="line">        if (CollUtil.isEmpty(configAttributes)) &#123;</span><br><span class="line">            return;</span><br><span class="line">        &#125;</span><br><span class="line">        Iterator&lt;ConfigAttribute&gt; iterator = configAttributes.iterator();</span><br><span class="line">        while (iterator.hasNext()) &#123;</span><br><span class="line">            ConfigAttribute configAttribute = iterator.next();</span><br><span class="line">            //将访问所需资源或用户拥有资源进行比对</span><br><span class="line">            String needAuthority = configAttribute.getAttribute();</span><br><span class="line">            for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) &#123;</span><br><span class="line">                if (needAuthority.trim().equals(grantedAuthority.getAuthority())) &#123;</span><br><span class="line">                    return;</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        throw new AccessDeniedException(&quot;抱歉，您没有访问权限&quot;);</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public boolean supports(ConfigAttribute configAttribute) &#123;</span><br><span class="line">        return true;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public boolean supports(Class&lt;?&gt; aClass) &#123;</span><br><span class="line">        return true;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>我们之前在DynamicSecurityMetadataSource中注入了一个DynamicSecurityService对象，它是我自定义的一个动态权限业务接口，其主要用于加载所有的后台资源规则。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 动态权限相关业务类</span><br><span class="line"> * Created by macro on 2020/2/7.</span><br><span class="line"> */</span><br><span class="line">public interface DynamicSecurityService &#123;</span><br><span class="line">    /**</span><br><span class="line">     * 加载资源ANT通配符和资源对应MAP</span><br><span class="line">     */</span><br><span class="line">    Map&lt;String, ConfigAttribute&gt; loadDataSource();</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>接下来我们需要修改Spring Security的配置类SecurityConfig，当有动态权限业务类时在FilterSecurityInterceptor过滤器前添加我们的动态权限过滤器。这里在创建动态权限相关对象时，还使用了@ConditionalOnBean这个注解，当没有动态权限业务类时就不会创建动态权限相关对象，实现了有动态权限控制和没有这两种情况的兼容。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 对SpringSecurity的配置的扩展，支持自定义白名单资源路径和查询用户逻辑</span><br><span class="line"> * Created by macro on 2019/11/5.</span><br><span class="line"> */</span><br><span class="line">public class SecurityConfig extends WebSecurityConfigurerAdapter &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired(required = false)</span><br><span class="line">    private DynamicSecurityService dynamicSecurityService;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    protected void configure(HttpSecurity httpSecurity) throws Exception &#123;</span><br><span class="line">        ExpressionUrlAuthorizationConfigurer&lt;HttpSecurity&gt;.ExpressionInterceptUrlRegistry registry = httpSecurity</span><br><span class="line">                .authorizeRequests();</span><br><span class="line">        //有动态权限配置时添加动态权限校验过滤器</span><br><span class="line">        if(dynamicSecurityService!=null)&#123;</span><br><span class="line">            registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class);</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @ConditionalOnBean(name = &quot;dynamicSecurityService&quot;)</span><br><span class="line">    @Bean</span><br><span class="line">    public DynamicAccessDecisionManager dynamicAccessDecisionManager() &#123;</span><br><span class="line">        return new DynamicAccessDecisionManager();</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">    @ConditionalOnBean(name = &quot;dynamicSecurityService&quot;)</span><br><span class="line">    @Bean</span><br><span class="line">    public DynamicSecurityFilter dynamicSecurityFilter() &#123;</span><br><span class="line">        return new DynamicSecurityFilter();</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @ConditionalOnBean(name = &quot;dynamicSecurityService&quot;)</span><br><span class="line">    @Bean</span><br><span class="line">    public DynamicSecurityMetadataSource dynamicSecurityMetadataSource() &#123;</span><br><span class="line">        return new DynamicSecurityMetadataSource();</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">&#125;</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<p>这里还有个问题需要提下，当前端跨域访问没有权限的接口时，会出现跨域问题，只需要在没有权限访问的处理类RestfulAccessDeniedHandler中添加允许跨域访问的响应头即可。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 自定义返回结果：没有权限访问时</span><br><span class="line"> * Created by macro on 2018/4/26.</span><br><span class="line"> */</span><br><span class="line">public class RestfulAccessDeniedHandler implements AccessDeniedHandler&#123;</span><br><span class="line">    @Override</span><br><span class="line">    public void handle(HttpServletRequest request,</span><br><span class="line">                       HttpServletResponse response,</span><br><span class="line">                       AccessDeniedException e) throws IOException, ServletException &#123;</span><br><span class="line">        response.setHeader(&quot;Access-Control-Allow-Origin&quot;, &quot;*&quot;);</span><br><span class="line">        response.setHeader(&quot;Cache-Control&quot;,&quot;no-cache&quot;);</span><br><span class="line">        response.setCharacterEncoding(&quot;UTF-8&quot;);</span><br><span class="line">        response.setContentType(&quot;application/json&quot;);</span><br><span class="line">        response.getWriter().println(JSONUtil.parse(CommonResult.forbidden(e.getMessage())));</span><br><span class="line">        response.getWriter().flush();</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>当我们其他模块需要动态权限控制时，只要创建一个DynamicSecurityService对象就行了，比如在<code>mall-admin</code>模块中我们启用了动态权限功能。</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * mall-security模块相关配置</span><br><span class="line"> * Created by macro on 2019/11/9.</span><br><span class="line"> */</span><br><span class="line">@Configuration</span><br><span class="line">@EnableWebSecurity</span><br><span class="line">@EnableGlobalMethodSecurity(prePostEnabled = true)</span><br><span class="line">public class MallSecurityConfig extends SecurityConfig &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    private UmsAdminService adminService;</span><br><span class="line">    @Autowired</span><br><span class="line">    private UmsResourceService resourceService;</span><br><span class="line"></span><br><span class="line">    @Bean</span><br><span class="line">    public UserDetailsService userDetailsService() &#123;</span><br><span class="line">        //获取登录用户信息</span><br><span class="line">        return username -&gt; adminService.loadUserByUsername(username);</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Bean</span><br><span class="line">    public DynamicSecurityService dynamicSecurityService() &#123;</span><br><span class="line">        return new DynamicSecurityService() &#123;</span><br><span class="line">            @Override</span><br><span class="line">            public Map&lt;String, ConfigAttribute&gt; loadDataSource() &#123;</span><br><span class="line">                Map&lt;String, ConfigAttribute&gt; map = new ConcurrentHashMap&lt;&gt;();</span><br><span class="line">                List&lt;UmsResource&gt; resourceList = resourceService.listAll();</span><br><span class="line">                for (UmsResource resource : resourceList) &#123;</span><br><span class="line">                    map.put(resource.getUrl(), new org.springframework.security.access.SecurityConfig(resource.getId() + &quot;:&quot; + resource.getName()));</span><br><span class="line">                &#125;</span><br><span class="line">                return map;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h2 id="权限管理功能演示"><a href="#权限管理功能演示" class="headerlink" title="#权限管理功能演示"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86%E5%8A%9F%E8%83%BD%E6%BC%94%E7%A4%BA">#</a>权限管理功能演示</h2><p>具体参考：<a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/database/mall_permission.html">大家心心念念的权限管理功能，这次安排上了！</a></p>
<h2 id="项目源码地址"><a href="#项目源码地址" class="headerlink" title="#项目源码地址"></a><a target="_blank" rel="noopener" href="https://www.macrozheng.com/mall/technology/permission_back.html#%E9%A1%B9%E7%9B%AE%E6%BA%90%E7%A0%81%E5%9C%B0%E5%9D%80">#</a>项目源码地址</h2><p><a target="_blank" rel="noopener" href="https://github.com/macrozheng/mall">https://github.com/macrozheng/mall</a></p>
</article><div class="post-copyright"><div class="post-copyright__author"><span class="post-copyright-meta"><i class="fas fa-circle-user fa-fw"></i>文章作者: </span><span class="post-copyright-info"><a href="https://ko25891wan.gitlab.io">十一星野</a></span></div><div class="post-copyright__type"><span class="post-copyright-meta"><i class="fas fa-square-arrow-up-right fa-fw"></i>文章链接: </span><span class="post-copyright-info"><a href="https://ko25891wan.gitlab.io/2024/01/a454573acf05.html">https://ko25891wan.gitlab.io/2024/01/a454573acf05.html</a></span></div><div class="post-copyright__notice"><span class="post-copyright-meta"><i class="fas fa-circle-exclamation fa-fw"></i>版权声明: </span><span class="post-copyright-info">本博客所有文章除特别声明外，均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" target="_blank">CC BY-NC-SA 4.0</a> 许可协议。转载请注明来自 <a href="https://ko25891wan.gitlab.io" target="_blank">小小程序员</a>！</span></div></div><div class="tag_share"><div class="post-meta__tag-list"></div><div class="post_share"></div></div><nav class="pagination-post" id="pagination"><div class="prev-post pull-left"><a href="/2024/01/bee47c823421.html" title="手把手教你搞定权限管理，结合Vue实现菜单的动态权限控制！"><div class="cover" style="background: var(--default-bg-color)"></div><div class="pagination-info"><div class="label">上一篇</div><div class="prev_info">手把手教你搞定权限管理，结合Vue实现菜单的动态权限控制！</div></div></a></div><div class="next-post pull-right"><a href="/2024/01/be3416f09619.html" title="使用Redis+AOP优化权限管理功能，这波操作贼爽！"><div class="cover" style="background: var(--default-bg-color)"></div><div class="pagination-info"><div class="label">下一篇</div><div class="next_info">使用Redis+AOP优化权限管理功能，这波操作贼爽！</div></div></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="https://qiniu.ko25891wan.top/%E6%97%A5%E8%AE%B0%E8%BD%AF%E4%BB%B6/%E5%A4%B4%E5%83%8F/%E7%81%B0%E5%A4%AA%E7%8B%BC.png" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">十一星野</div><div class="author-info__description">归途也还可爱</div></div><div class="card-info-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">120</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">4</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">22</div></a></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://gitlab.com/ko25891wan/ko25891wan.gitlab.io"><i class="fab fa-github"></i><span>关注我</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://gitlab.com/ko25891wan/ko25891wan.gitlab.io" target="_blank" title="Github"><i class="fab fa-github" style="color: #24292e;"></i></a><a class="social-icon" href="https://gitlab.com/ko25891wan/ko25891wan.gitlab.io" target="_blank" title="Gitlab"><i class="fab fa-gitlab" style="color: #24292e;"></i></a><a class="social-icon" href="mailto:ko25891wan@outlook.com" target="_blank" title="Email"><i class="fas fa-envelope" style="color: #4a7dbe;"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">This is my Blog</div></div><div class="sticky_layout"><div class="card-widget" id="card-toc"><div class="item-headline"><i class="fas fa-stream"></i><span>目录</span><span class="toc-percentage"></span></div><div class="toc-content"><ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#%F0%9F%91%8D-%E7%9B%B8%E5%85%B3%E8%A7%86%E9%A2%91%E6%95%99%E7%A8%8B"><span class="toc-number">1.</span> <span class="toc-text">👍 相关视频教程</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E5%89%8D%E7%BD%AE%E7%9F%A5%E8%AF%86"><span class="toc-number">2.</span> <span class="toc-text">前置知识</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E6%95%B0%E6%8D%AE%E5%BA%93%E8%AE%BE%E8%AE%A1"><span class="toc-number">3.</span> <span class="toc-text">数据库设计</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A1%A8%E7%BB%93%E6%9E%84"><span class="toc-number">3.1.</span> <span class="toc-text">数据库表结构</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E6%95%B0%E6%8D%AE%E5%BA%93%E8%A1%A8%E4%BB%8B%E7%BB%8D"><span class="toc-number">3.2.</span> <span class="toc-text">数据库表介绍</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-admin"><span class="toc-number">3.2.1.</span> <span class="toc-text">ums_admin</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-role"><span class="toc-number">3.2.2.</span> <span class="toc-text">ums_role</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-admin-role-relation"><span class="toc-number">3.2.3.</span> <span class="toc-text">ums_admin_role_relation</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-menu"><span class="toc-number">3.2.4.</span> <span class="toc-text">ums_menu</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-resource"><span class="toc-number">3.2.5.</span> <span class="toc-text">ums_resource</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-resource-category"><span class="toc-number">3.2.6.</span> <span class="toc-text">ums_resource_category</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-role-menu-relation"><span class="toc-number">3.2.7.</span> <span class="toc-text">ums_role_menu_relation</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#ums-role-resource-relation"><span class="toc-number">3.2.8.</span> <span class="toc-text">ums_role_resource_relation</span></a></li></ol></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E7%BB%93%E5%90%88Spring-Security%E5%AE%9E%E7%8E%B0"><span class="toc-number">4.</span> <span class="toc-text">结合Spring Security实现</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%BB%A5%E5%89%8D%E7%9A%84%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6"><span class="toc-number">4.1.</span> <span class="toc-text">以前的权限控制</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E5%9F%BA%E4%BA%8E%E8%B7%AF%E5%BE%84%E7%9A%84%E5%8A%A8%E6%80%81%E6%9D%83%E9%99%90%E6%8E%A7%E5%88%B6"><span class="toc-number">4.2.</span> <span class="toc-text">基于路径的动态权限控制</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E6%9D%83%E9%99%90%E7%AE%A1%E7%90%86%E5%8A%9F%E8%83%BD%E6%BC%94%E7%A4%BA"><span class="toc-number">5.</span> <span class="toc-text">权限管理功能演示</span></a></li><li class="toc-item toc-level-2"><a class="toc-link" href="#%E9%A1%B9%E7%9B%AE%E6%BA%90%E7%A0%81%E5%9C%B0%E5%9D%80"><span class="toc-number">6.</span> <span class="toc-text">项目源码地址</span></a></li></ol></div></div><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/02/c60470b9a892.html" title="Java集合使用注意事项总结">Java集合使用注意事项总结</a><time datetime="2024-02-03T04:58:22.000Z" title="发表于 2024-02-03 12:58:22">2024-02-03</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/02/81fb7a201f29.html" title="无题">无题</a><time datetime="2024-02-03T03:15:31.812Z" title="发表于 2024-02-03 11:15:31">2024-02-03</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/01/5737c1ec69a9.html" title="Wed Jan 17 2024 00:00:00 GMT+0800 (中国标准时间)">Wed Jan 17 2024 00:00:00 GMT+0800 (中国标准时间)</a><time datetime="2024-01-31T06:56:16.000Z" title="发表于 2024-01-31 14:56:16">2024-01-31</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/01/f510db7d2f19.html" title="Spring常见面试题总结">Spring常见面试题总结</a><time datetime="2024-01-31T06:55:58.000Z" title="发表于 2024-01-31 14:55:58">2024-01-31</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/01/9be065e9f288.html" title="redis 面试">redis 面试</a><time datetime="2024-01-31T06:55:55.000Z" title="发表于 2024-01-31 14:55:55">2024-01-31</time></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">&copy;2023 - 2024 By 十一星野</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="readmode" type="button" title="阅读模式"><i class="fas fa-book-open"></i></button><button id="translateLink" type="button" title="简繁转换">简</button><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside-config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button class="close" id="mobile-toc-button" type="button" title="目录"><i class="fas fa-list-ul"></i></button><button id="go-up" type="button" title="回到顶部"><span class="scroll-percent"></span><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="/js/tw_cn.js"></script><script src="https://cdn.staticfile.org/fancyapps-ui/5.0.32/fancybox/fancybox.umd.min.js"></script><script src="https://cdn.staticfile.org/instant.page/5.2.0/instantpage.min.js" type="module"></script><div class="js-pjax"></div><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script><div id="local-search"><div class="search-dialog"><nav class="search-nav"><span class="search-dialog-title">搜索</span><span id="loading-status"></span><button class="search-close-button"><i class="fas fa-times"></i></button></nav><div class="is-center" id="loading-database"><i class="fas fa-spinner fa-pulse"></i><span>  数据库加载中</span></div><div class="search-wrap"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div><hr/><div id="local-search-results"></div><div id="local-search-stats-wrap"></div></div></div><div id="search-mask"></div><script src="/js/search/local-search.js"></script></div></div></body></html>